Linked by Andrew Youll on Tue 12th Jul 2005 20:59 UTC
Mozilla & Gecko clones The Mozilla Foundation has released Firefox 1.0.5 which addresses several security issues.
Order by: Score:
v Bad bad bad...
by Joe User on Tue 12th Jul 2005 21:18 UTC
RE: Bad bad bad...
by Anonymous on Tue 12th Jul 2005 21:20 UTC in reply to "Bad bad bad..."
Anonymous Member since:
---

On the other hand, its getting safer und safer. Do you know how many critical bugs are hidden in Opera?

Reply Score: 2

RE[2]: Bad bad bad...
by kfet on Wed 13th Jul 2005 12:54 UTC in reply to "RE: Bad bad bad..."
kfet Member since:
2005-07-06

Could you elaborate? My impression is Opera software is the fastest to handle any known security issue among the browser vendors.

Reply Score: 1

RE: Bad bad bad...
by rm6990 on Tue 12th Jul 2005 21:28 UTC in reply to "Bad bad bad..."
rm6990 Member since:
2005-07-04

Firefox has only 10% market share and has had so many security updates lately ;)

I would recommend Opera any day.


Yes, because market share dictates the quality of code. You're absolutely right.

I find comfort in the fact that they are taking the time to patch the product, instead of leaving security holes wide open.

I'll stick with my current version of Firefox, I'm tired of updating every month or so. I use Firefox for testing purpose only anyway, so...

Yes, I find the 5 minutes a month completely exhausting....even more so than my 8 hour a day job.

Reply Score: 5

RE: Bad bad bad...
by Anonymous on Tue 12th Jul 2005 21:44 UTC in reply to "Bad bad bad..."
Anonymous Member since:
---

I won't comment on your logic, but please use the term install base when that is what you mean.

http://www.osviews.com/modules.php?op=modload&name=News&file=articl...

Reply Score: 0

It's becoming annoying
by Anonymous on Tue 12th Jul 2005 21:21 UTC
Anonymous
Member since:
---

It's actually great that they address the issues rather than ignoring them. However, it's ridiculous to assume people will cope with installing a new version every month or so. Heck, find a way to make it patcheable.

Reply Score: 1

RE: It's becoming annoying
by orestes on Tue 12th Jul 2005 21:34 UTC in reply to "It's becoming annoying"
orestes Member since:
2005-07-06

You make it sound like a huge hardship. Installling the new version takes all of 30 seconds and doesn't require a reboot.

Reply Score: 3

RE[2]: It's becoming annoying
by Anonymous on Tue 12th Jul 2005 21:55 UTC in reply to "RE: It's becoming annoying"
Anonymous Member since:
---

It's 4.8MB (for win32), so wouldn't that be more like 30 minutes if you don't have, or can't get broadband?

How *do* people keep up with general security updates using a modem?

Reply Score: 5

RE[3]: It's becoming annoying
by orestes on Tue 12th Jul 2005 22:07 UTC in reply to "RE[2]: It's becoming annoying"
orestes Member since:
2005-07-06

Closer to 20 on my old dial up. I don't ever recall it being a hardship. OTOH, staying up to date on my Linux box while on dial-up was a legitimate pain in the ass.

Reply Score: 1

RE[3]: It's becoming annoying
by Anonymous on Wed 13th Jul 2005 11:16 UTC in reply to "RE[2]: It's becoming annoying"
Anonymous Member since:
---

once downloaded with broadband it took 11.86sec to to do the upgrade on Mac OS X

Reply Score: 0

RE[3]: It's becoming annoying
by thomas on Wed 13th Jul 2005 12:17 UTC in reply to "RE[2]: It's becoming annoying"
thomas Member since:
2005-07-07

How *do* people keep up with general security updates using a modem?

Unplug it ?

Reply Score: 2

RE[2]: It's becoming annoying
by Anonymous on Tue 12th Jul 2005 22:05 UTC in reply to "RE: It's becoming annoying"
Anonymous Member since:
---

Reboot? Who talked about reboot? Manually downloading a whole program every month just to plug a hole isn't my cup of tea. I tend to use computers to actually do stuff, not hand around keeping them up2date.
If this were a MS issue, people would freak out. It's good news that they're working on auto-patching. The auto and the patching.

Reply Score: 1

RE[3]: It's becoming annoying
by Anonymous on Wed 13th Jul 2005 00:52 UTC in reply to "RE[2]: It's becoming annoying"
Anonymous Member since:
---

We could only be so lucky to have 5MB PATCHES for IE without MS sticking other soul-stealing stuff in behind our backs... For most people 5 MB is trivial.. come on, I've seen flash based web pages bigger than that!!! or how about all those people downloading MP3s.. that much for a whole new broswer? even over dial up it's a non-issue to keep up with current Firefox versions.

Reply Score: 0

RE[3]: It's becoming annoying
by Anonymous on Wed 13th Jul 2005 03:10 UTC in reply to "RE[2]: It's becoming annoying"
Anonymous Member since:
---

LOL. It'd be trivial to update it if Windows had a proper installation system. Keeping up with software updates is for me a 10-second (literally) task once every few weeks. The fact that the Firefox people have to roll yet another auto-update mechanism for Windows is a very good sign of how broken its application model is.

Reply Score: 0

RE[2]: It's becoming annoying
by Anonymous on Wed 13th Jul 2005 21:45 UTC in reply to "RE: It's becoming annoying"
Anonymous Member since:
---

You make it sound like a huge hardship. Installling the new version takes all of 30 seconds and doesn't require a reboot.

rotfl

Beats patching and rebooting.

Reply Score: 0

RE: Bad bad bad...
by Anonymous on Tue 12th Jul 2005 21:22 UTC
Anonymous
Member since:
---

According to your reasoning, Internet Explorer is the safest browser then.

Reply Score: 2

RE[2]: Bad bad bad...
by Anonymous on Wed 13th Jul 2005 12:37 UTC in reply to "RE: Bad bad bad..."
Anonymous Member since:
---

IE is no less safe than firefox. It just has a larger userbase. As is being proven with firefox, and its increasing userbase, if companies want to make spyware for anything (including your precious linux, which isnt a fraction as secure as you may think) they WILL make spyware. I wouldnt be suprised that within the next 5 years, IE far outdid firefox in security. But right now, firefox is less prone because it still has a relitivly small userbase, and the more annoying companies dont care yet.

Reply Score: 1

Next version
by Bobmeister on Tue 12th Jul 2005 21:23 UTC
Bobmeister
Member since:
2005-07-06

The next version, 1,1 now in Alpha WILL have auto-patching capability. I just had it on my computer yesterday...I went back to the current releases to make sure that I have a nice stable browser, so it's coming!

I'm glad as well that they ARE patching it. It's a good browser, as is Opera. Personally, I like Firefox over Opera as it seems to render pages better, but that's just a choice thing....

Reply Score: 3

RE: Next version
by eMagius on Wed 13th Jul 2005 15:45 UTC in reply to "Next version"
eMagius Member since:
2005-07-06

Firefox only renders broken code "better" -- which makes sense, given that it's just a hacked up Netscape Navigator.

Reply Score: 1

I won't update
by Joe User on Tue 12th Jul 2005 21:24 UTC
Joe User
Member since:
2005-06-29

I'll stick with my current version of Firefox, I'm tired of updating every month or so. I use Firefox for testing purpose only anyway, so...

Reply Score: 1

RE: I won't update
by Anonymous on Tue 12th Jul 2005 21:29 UTC in reply to "I won't update"
Anonymous Member since:
---

So the ONLY time that you will use it to surf, you'll get to an evil site that will exploit the bugs, install spyware & cie.
It never happens only to the others. Never overestimate your luck ;)

Reply Score: 0

v RE[2]: I won't update
by cyberpsi on Wed 13th Jul 2005 11:15 UTC in reply to "RE: I won't update"
RE: I won't update
by Joe User on Tue 12th Jul 2005 21:34 UTC
Joe User
Member since:
2005-06-29

So the ONLY time that you will use it to surf, you'll get to an evil site that will exploit the bugs, install spyware & cie.

I don't visit warez web sites. And I don't use Firefox nor IE. I use Opera 8.01.

Reply Score: 1

@joe user...
by Saem on Tue 12th Jul 2005 21:44 UTC
Saem
Member since:
2005-07-06

You're being daft, like many others. Constant updates is a sign of improvements. A better patching system would be nice, but at least we can be assured that they're fixing bugs. One wonders why Opera and IE don't have a simillar rate or improvement, they seems less vigilant.

Reply Score: 1

RE: @joe user...
by abdavidson on Wed 13th Jul 2005 12:50 UTC in reply to "@joe user..."
abdavidson Member since:
2005-07-06

"Constant updates is a sign of improvements"

You're joking! When MS had to release patches every month for IE it was a bad thing, but more releases for Firefox - specifically aimed at fixing security issues - somehow makes it better?

God DAMN some people are obtuse.

"One wonders why Opera and IE don't have a simillar rate or improvement, they seems less vigilant."

Look at Secunia. Firefox has had vulnerabilities outstanding for months. Opera doesn't. Speak sense.

Reply Score: 1

LOL
by Anonymous on Tue 12th Jul 2005 21:46 UTC
Anonymous
Member since:
---

I don't know fighting that much for a 30 seconds install of a binary program of less than 5 MBs. Now I should be the one annoyed since I use gentoo and the source of firefox is 32MBs and the install takes 45 minutes compiling all the code and putting it togheter. Though I'm happy doing it.

Reply Score: 0

RE: LOL
by gothic on Wed 13th Jul 2005 12:18 UTC in reply to "LOL"
gothic Member since:
2005-07-06

I use binary.. and that's your problem.. that's the price of using gentoo.

Reply Score: 1

Opera
by Anonymous on Tue 12th Jul 2005 21:50 UTC
Anonymous
Member since:
---

Opera has become my favorite browser ever since I gave it a fair shot starting with 8.0. Plus the more I use it and discovers it's features, the more I like it. I even use it on my BSD box now over Firefox.

Reply Score: 0

Auto-update
by agildehaus on Tue 12th Jul 2005 21:57 UTC
agildehaus
Member since:
2005-06-29

Firefox developers are working hard to bring a decent auto-update mechanism into place for 1.1. Meaning no more downloading of installers. The auto-updater also will refuse to download new versions of Firefox if doing so will break installed extensions (though there's an option to allow that).

Reply Score: 5

Great!
by jondoor on Tue 12th Jul 2005 22:04 UTC
jondoor
Member since:
2005-06-30

whatever something is "popular" it gets picked apart, if it has security problems then we all point to those as reasons why it's a bad product or why no one should use it. If it gets patched a lot, avoiding security problems, well that's just too anoying, why would anyone want to be annoyed so much of the time?

Reply Score: 3

RE: Great!
by Anonymous on Tue 12th Jul 2005 22:08 UTC in reply to "Great!"
Anonymous Member since:
---

It's annoying that it *don't get patched* but rather reinstalled every time. Is my english too hard to parse?

Reply Score: 0

@ Saem
by Joe User on Tue 12th Jul 2005 22:07 UTC
Joe User
Member since:
2005-06-29

One wonders why Opera and IE don't have a simillar rate or improvement, they seems less vigilant.

This is a serious accusation you're claiming. Opera has nothing to do with Microsoft. The Opera coders are serious and hard-working people. Microsoft staff doesn't talk with the user base the way Opera programmers do. Opera Software is not less vigilant than the Mozilla Foundation.

Reply Score: 3

Re: Great! @Anonymous
by jondoor on Tue 12th Jul 2005 22:10 UTC
jondoor
Member since:
2005-06-30

Agreed things could be better, but that's true about everything.

Reply Score: 1

v Name is spelt incorrectly
by Anonymous on Tue 12th Jul 2005 22:11 UTC
RE: Name is spelt incorrectly
by Anonymous on Tue 12th Jul 2005 22:14 UTC in reply to "Name is spelt incorrectly"
Anonymous Member since:
---

Pedant.

Reply Score: 0

Re: RE[2]: It's becoming annoying
by Joe User on Tue 12th Jul 2005 22:13 UTC
Joe User
Member since:
2005-06-29

If this were a MS issue, people would freak out.

Too pathetic. This drives me so mad. The same people who moan at Microsoft each time hackers discover security flaws say it's no big deal when it happens to Firefox. Gimme a break!

Reply Score: 1

Re: Name is spelt incorrectly
by Joe User on Tue 12th Jul 2005 22:14 UTC
Joe User
Member since:
2005-06-29

y'know, it's Firefox, not FireFox.

You know, it's "You know", not "y'know" ;)

Reply Score: 1

Security fixes not listed for 1.05
by Anonymous on Tue 12th Jul 2005 22:15 UTC
Anonymous
Member since:
---

The link provided does not list 1.05 security fixes. Is there a link for this?

Reply Score: 0

v Where is the good installer
by Anonymous on Tue 12th Jul 2005 22:37 UTC
Remember when...
by Drumhellar on Tue 12th Jul 2005 22:42 UTC
Drumhellar
Member since:
2005-07-12

Remember when Opera's biggest feature was that it fit on a floppy?

Opera bugs me in that, for the life of me, I can't figure out how to get the tab bar to sit below the address bar.

Reply Score: 0

RE: Remember when...
by Joe User on Tue 12th Jul 2005 22:48 UTC in reply to "Remember when..."
Joe User Member since:
2005-06-29

Opera bugs me in that, for the life of me, I can't figure out how to get the tab bar to sit below the address bar.

Err... This wouldn't make much sense...

Reply Score: 1

v RE[2]: Remember when...
by Anonymous on Wed 13th Jul 2005 00:14 UTC in reply to "RE: Remember when..."
RE: Remember when...
by Anonymous on Wed 13th Jul 2005 05:22 UTC in reply to "Remember when..."
Anonymous Member since:
---

Opera bugs me in that, for the life of me, I can't figure out how to get the tab bar to sit below the address bar

I don't know that you can do that, but what you can do is drag a URL bar and whatever else you want to the main bar, which naturally sits above the tab bar.

Just stick the widgets and stuff you need there, get rid of those you don't and hide the regular address bar.

Reply Score: 0

RE[2]: Remember when...
by Anonymous on Wed 13th Jul 2005 05:26 UTC in reply to "RE: Remember when..."
Anonymous Member since:
---

The only weirdness with that is if you tile or cascade the pages, there's only one URL displayed which corresponds to whichever is active; with the address bar visible, each page gets its own URL field.

Reply Score: 0

fixes
by Anonymous on Tue 12th Jul 2005 22:42 UTC
Anonymous
Member since:
---

http://www.getfirefox.com

click on ...

Reply Score: 0

Re: Where is the good installer
by Joe User on Tue 12th Jul 2005 22:42 UTC
Joe User
Member since:
2005-06-29

I mean the one you just unzip into a directory and you are done. All they have is some silly executable and I sure don't want that.

LOL With radically opposed stand points, I doubt everybody will be happy!

As for myself, I don't call a zipped archive an installer! Unzipping an archive is fine for beta testing, but in the end one need a setup.exe, at least for the end user.

Reply Score: 1

Anonymous Member since:
---

actualy i am more fond of the zip file, didnt have to wait for anything to be installed, could stick it on a usb stick and use it at school even tho i dont have necessary permissions to install software... guess i am stuck using the old one...

wonder if you could install, zip up the fifefox folder and go from there....

why would a user care more about "installing" than just unzipping...

Reply Score: 0

Joe User Member since:
2005-06-29

wonder if you could install, zip up the fifefox folder and go from there....

Yes you can do this. I have done this with older versions of IE because I need to have several versions of IE at the same time on my computer when I test my web pages to check out backward compatibility. It'll work just fine with FF.

Reply Score: 1

RE
by Anonymous on Tue 12th Jul 2005 22:49 UTC in reply to "Re: Where is the good installer"
Anonymous Member since:
---

oh and it was cool to have the installed version and the zipped version, i could have one with my accelerator and one without...

Reply Score: 0

Anonymous Member since:
---

I am a developer, but not a Firefox developer. So, I am an end user for Firefox and the only good installer is me. I don't want a program messing with the registry or other nonsense when installing. I just want to unzip to a directory and go.

I have no idea what you mean by stand points.

Reply Score: 0

RE[2]: It's becoming annoying
by Dark_Knight on Tue 12th Jul 2005 22:51 UTC
Dark_Knight
Member since:
2005-07-10

Novell provides the update for SuSE Linux users via YOU (YaST Online Update) or via FTP source directory. Unfortunately not all distribution developers offer such a service for third party software. Since not all Linux distributions are LSB certified I'm sure this would provide a packaging nightmare for the Mozilla developer.

Reply Score: 1

opera
by Anonymous on Tue 12th Jul 2005 22:52 UTC
Anonymous
Member since:
---

i just cant stand the ads, and by default it looks sooooo confusing with a dozen toolbars and other stuff....

Reply Score: 0

RE: opera
by Joe User on Tue 12th Jul 2005 23:02 UTC in reply to "opera"
Joe User Member since:
2005-06-29

i just cant stand the ads

Then buy your copy. What does 39 bucks represent in your yearly budget? This is what you spend everyday at Albertson's !

Opera's is reported at 1%.
Yes, so it is less likely that crackers will target Opera. Makes sense, doesn't it? ;)

Reply Score: 1

RE[2]: opera
by Anonymous on Tue 12th Jul 2005 23:12 UTC in reply to "RE: opera"
Anonymous Member since:
---

why pay for opera when i can get firefox....

opera also crashed a time or two when i tried it last which wasnt long ago....

i do like some of the features but do not really end up using them that often. I do like how you can turn pics OFF, ON, or CACHED only from the toolbar...that was cool if i was in a hurry

Reply Score: 0

RE[2]: Bad bad bad...
by JPortal on Tue 12th Jul 2005 22:53 UTC
JPortal
Member since:
2005-07-06

Firefox has only 10% market share
Opera's is reported at 1%.

and has had so many security updates lately ;)
Security updates are a bad thing?

Firefox has had a lot of security updates, but none of them were exploitable for very long before they were patched. Number of wide-spread exploited bugs: 0...

I would recommend Opera any day.
That's your own opinion, but don't say that Opera is better because it's less buggy ;)

Does anyone know when Firefox 1.1 is supposed to come out? The Deer Park beta was good stuff... I can't wait.

Reply Score: 3

RE[3]: Bad bad bad...
by Varg Vikernes on Wed 13th Jul 2005 00:54 UTC in reply to "RE[2]: Bad bad bad..."
Varg Vikernes Member since:
2005-07-06

and has had so many security updates lately ;)
Security updates are a bad thing?


Yes because it shows the browser wasn't deisgned properly or that they didn't catch security bugs or that the software is buggy.

Firefox has had a lot of security updates, but none of them were exploitable for very long before they were patched. Number of wide-spread exploited bugs: 0...

You sure about that? Because I have this feeling that half of ths sites I visit can easily pop a popup even though I have popups disabled. If you don't know, this is a Firefox only bug (doesn't happen in IE or Opera).

I would recommend Opera any day.
That's your own opinion, but don't say that Opera is better because it's less buggy ;)


Why wouldn't he? Why is then Firefox better? There are benchmarks where Opera blasts Firefox away in every single test and there's not a single unpatched exploit in Opera. Now, you might bring up that as it would gain popularity people would definently find security holes/bugs in it, but then you also agree that Windows has so many holes due to its popularity not because of bad design?

yea ok! how did you conclude it leaks memory like a sieve.....

Firefox's own developers admit that it has memory leaks. Load 50 tabs and look at mem usage. Now close all those tabs and look again. Or try to leave Firefox minimized for an hour or so while doing regular work on your PC. Then try to "unminimize" it.

but at least my browser isnt a part of my operating system
What is the problem? I utterly fail to see what the problem is to have the browser tight to the OS, sorry.


That guy is clueless. IE is not a part of the OS and has never been. I don't feel like giving you a link to a blog of a Microsoft employee, but surely you can find it.

My experience is quite the opposite. The more feature a program tries to add the less useful it becomes.

In that case you probably also think Emacs is less useful then say UltraEdit?

for Linux/OSS zealots. This thread show the double standards. If it is an IE bug, they will whine at Mircosoft as much as they can. If its OSS software bug, yeah no big deal.

One guy says, the more bugs they found, more secure it will be another says they fix it fast and another will say its no big deal to download on slow dialup. Excuses excuses and then they wonder why market share doesn't increase. LOL

Honestly, the hype of firefox seems to have died since the truth has come out. At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). I feel so much better using Windows now. YaY all the OSS zealots can go and eat $#%^


Well, you should already know this if you visit OSNews or Slashdot. These people seem to lack common sense. Say I write a worm/virus and I want to distribute it to as many people as possible. Do I a) try to find a hole in a browser that 3% of people use and maybe infect 50% of those 3%s, or b) I try to find a whole in a browser 90% of prople use, particullary non computer savvy users so that means I have a much higher chance of succeeding. Tough one.

Reply Score: 1

RE[4]: Bad bad bad...
by orestes on Wed 13th Jul 2005 01:08 UTC in reply to "RE[3]: Bad bad bad..."
orestes Member since:
2005-07-06

In that case you probably also think Emacs is less useful then say UltraEdit?

I can't speak on UltaEdit, but emacs is a perfectly fine operating system. When I want to edit text I break out sam or one of the vi variants.

Reply Score: 1

Bad bad bad...
by Anonymous on Wed 13th Jul 2005 03:17 UTC in reply to "RE[3]: Bad bad bad..."
Anonymous Member since:
---

popups on firefox and not IE? show me the sites...

oh thought i would try a bit of that leakage you talk about
--------
firefox
upon startup, one blank tab uses 13,584k
10 sites in tabs seems to hold steady at 29,520k
refreshing all the pages brings the usage to 26,312
close all the pages, one blank tab remaining
minimize for 30min
restore
using 11,716k

same 10 tabs
10 tabs once again hold steady at 28,384k
minimized it goes down to 3540k and holds
restore brings it to 18,188k and holding


follow the drip follow the drip.... doesnt seem bad to me... try the same on IE WHEW!!!!

sorry but it would take me forever to load 50 tabs so 10 will do.... I leave firefox minimized all the time no biggie, drags for a sec when restored but considering when it is minimized it only uses a few megs I would expect my puter to drag for a sec while it figures out what to do...

who would use 50 tabs anyway???

ok,let me try 30 local pages.....

open firefox uses 13,568k
open 30 local pages uses 30,524k
minimized uses 2480k
do some other stuff for about a hour
restore uses about 28540


btw-those same 10 sites in IE consume about 60megs of memory, about 14megs minimized, and resotre brings it back to about 30...

YEa, go ahead and head back to IE and take your sieve with ya!
----------
"IE is not a part of the OS and has never been."

strange that i can open the FILEMANAGER and surf to yahoo, or open the browser and manipulate the filesystem.... strange that a malformed web page can freeze my whole computer to the point of needing a reboot...

ok i will stop

Reply Score: 0

RE: Bad bad bad...
by Anonymous on Thu 14th Jul 2005 14:21 UTC in reply to "Bad bad bad..."
Anonymous Member since:
---

Regarding your stats on memory usage..

open firefox uses 13,568k
open 30 local pages uses 30,524k
minimized uses 2480k
do some other stuff for about a hour
restore uses about 28540

Seeing that your memory usage goes down when you minimize Firefox, you are being shown the *active memory* usage, that is to say memory which is in actually in real RAM at the time.

What you want is the *total* memory usage whether it's in in real RAM or swapped out into virtual memory.

I'm not a Windows user and am running OSX at this time so I'm not sure how to get the actual memory usage out of the system (a command line utility like "top" anyone?), but let me assure you that I've never seen *any* browser at all that releases memory back to the system when you close windows/tabs.

All browsers leak RAM and I'm sure it has to do with the memory allocation model in C rather than actual bad design.

However, I just replaced my hard drive in this laptop I'm using and at the time, I got down to about 150 Meg *free* on the hard drive and I couldn't use Firefox for more than five minutes before having to reboot the OS. I quickly swiched back to iCab and Safari where I could get a few hours out of my browser before disk usage shrank to zero.

The reason that your memory statistics seem to be reasonable is that you are not being shown the whole working set of the program.

Reply Score: 0

Question about Autopatching
by Anonymous on Tue 12th Jul 2005 23:06 UTC
Anonymous
Member since:
---

Anyone with an ounce of sense will have Firefox's directory 755 and will only run it using a non-root account - how can autopatching work, then?

Will it ask me for my root password? Could a website fake the dialog?

Reply Score: 0

RE: Question about Autopatching
by Joe User on Tue 12th Jul 2005 23:16 UTC in reply to "Question about Autopatching"
Joe User Member since:
2005-06-29

Anyone with an ounce of sense will have Firefox's directory 755 and will only run it using a non-root account - how can autopatching work, then?

It won't happen. FF can write only to your /home directory. You'll have to update your ports with CVSup and to issue:

cd /usr/ports/www/firefox && make install clean

As root.
PS: As for now, Firefox hasn't been updated yet on the mirrors.

Reply Score: 1

RE: Question about Autopatching
by Anonymous on Tue 12th Jul 2005 23:48 UTC in reply to "Question about Autopatching"
Anonymous Member since:
---

Anyone with an ounce of sense will have Firefox's directory 755 and will only run it using a non-root account - how can autopatching work, then?

If you want to upgrade it as a user, then you would have installed it as a user, therefore you would have installed it in your home directory. Otherwise if you wanted it installed and updated systemwide you'd install it as root and update it as root, or just rely on whatever package manager you use to install and update it, though that almost certainly wouldn't use patches.

Reply Score: 0

v Another day of shame
by CrazyDude0 on Tue 12th Jul 2005 23:15 UTC
RE: Another day of shame
by Anonymous on Tue 12th Jul 2005 23:35 UTC in reply to "Another day of shame"
Anonymous Member since:
---

so because IE rarely offers patches it is somehow MORE secure?

"At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). "
how is that proven?

yea it is much better to be clueless and not have updates and so forth so when blaster and sasser and everyone walks in you arent prepared at all....

a lot of the browser security issues are present on the majority of browsers.... but at least my browser isnt a part of my operating system...

Reply Score: 0

RE[2]: Another day of shame
by Joe User on Tue 12th Jul 2005 23:49 UTC in reply to "RE: Another day of shame"
Joe User Member since:
2005-06-29

but at least my browser isnt a part of my operating system

What is the problem? I utterly fail to see what the problem is to have the browser tight to the OS, sorry.

Reply Score: 2

RE[3]: Another day of shame
by orestes on Tue 12th Jul 2005 23:52 UTC in reply to "RE[2]: Another day of shame"
orestes Member since:
2005-07-06

You don't find it just a teensy bit disturbing that a flaw in your browser can bring you entire OS to it's knees.

Reply Score: 1

RE[4]: Another day of shame
by Joe User on Wed 13th Jul 2005 00:00 UTC in reply to "RE[3]: Another day of shame"
Joe User Member since:
2005-06-29

You don't find it just a teensy bit disturbing that a flaw in your browser can bring you entire OS to it's knees.

This is not a problem of concept (shipping a browser with an OS in this case). This is a problem of budget priorities. Microsloth doesn't want to put money into IE because up to recently there was virtually no competition, and now things are changing. In a nutshell, Microsloth didn't care that much about IE's security issues.

Doesn't KDE has Konqueror tight too? Isn't that good? I think EVERY OS should be shipped with a tight browser.

Reply Score: 1

RE[5]: Another day of shame
by Anonymous on Wed 13th Jul 2005 00:04 UTC in reply to "RE[4]: Another day of shame"
Anonymous Member since:
---

KDE is not an operating system.

Reply Score: 0

RE[5]: Another day of shame
by orestes on Wed 13th Jul 2005 00:06 UTC in reply to "RE[4]: Another day of shame"
orestes Member since:
2005-07-06

Personally, I favor ye olde *nix philosophy of do one thing and do it well. The more you make programs dependant on each other, the more you screw yourself over when some critical piece fails.

Reply Score: 1

RE[6]: Another day of shame
by TBPrince on Wed 13th Jul 2005 00:13 UTC in reply to "RE[5]: Another day of shame"
TBPrince Member since:
2005-07-06

Personally, I favor ye olde *nix philosophy of do one thing and do it well. The more you make programs dependant on each other, the more you screw yourself over when some critical piece fails.

Sure, but the more your software are integrated, the more your productivity (about anything, from office work to MP3 playing) gets enhanced.

In the end, it's a matter of taste (given that all software has bugs...).

Reply Score: 2

RE[7]: Another day of shame
by orestes on Wed 13th Jul 2005 00:16 UTC in reply to "RE[6]: Another day of shame"
orestes Member since:
2005-07-06

Sure, but the more your software are integrated, the more your productivity (about anything, from office work to MP3 playing) gets enhanced.

My experience is quite the opposite. The more feature a program tries to add the less useful it becomes.

In the end, it's a matter of taste (given that all software has bugs...).

True enough.

Reply Score: 1

RE: Another day of shame
by Anonymous on Wed 13th Jul 2005 00:58 UTC in reply to "Another day of shame"
Anonymous Member since:
---

not really. the bugs found in firefox are far more trivial than the bugs in IE... they're found by examination of the SOURCE CODE as POTENTIAL problems... most of the expolits never make it into the wild.. and they're pacthed very quickly.. heck, MS legally bars security experts on IE from TALKING about expolits for longer than it takes FireFox to actually patch them!!!

Reply Score: 1

Let's see...
by deathshadow on Tue 12th Jul 2005 23:33 UTC
deathshadow
Member since:
2005-07-12

The link to "Security issues" doesn't list what was changed for 1.0.5

And it STILL leaks memory like a sieve...

Damn, back to IE.

Reply Score: 1

RE: Let's see...
by Anonymous on Tue 12th Jul 2005 23:40 UTC in reply to "Let's see..."
Anonymous Member since:
---

yea ok! how did you conclude it leaks memory like a sieve.....

back to IE.... well if you are so enraptured with IE why do you bother trying anything else...

Reply Score: 0

As you become popular...
by TBPrince on Tue 12th Jul 2005 23:51 UTC
TBPrince
Member since:
2005-07-06

Not willing to troll but just sharing some thoughts. I guess some people now realize how difficult is to keep a product safe, expecially when your market share increases.

I don't know exact FF market share (let's say it's 10%, as someone here stated...) but FF had:


3 (three) security problems rated as critical in 1.0.4
3 more critical and 2 rated as high in 1.0.3
1 critical and 3 highs in 1.0.2
2 criticals and 2 highs in 1.0.1

(based on their list)

That makes 9 critical bugs (which, if I'm right, represents bug who can lead to unrestricted system access) in timeframe from 1.0.1 to 1.0.5... isn't that a few months? How many? 2-3-4 months?

This should make people who bash for a single IE problem a bit upset and mostly should teach them that the more a product get popular, the more it will need to care about security.

Though I'm not using FF now (except for testing purposes) I do really hope that Mozilla can release the auto-patching feature, expecially for people who use slow connections.

Constant auto-patching seems to be the only way to reduce surface for attacks as educating people has failed. If we get lucky, 2 or maybe 3 users of 10 will remember to check for updates from time to time. Given that one can have dozens of software installed, this could be very very annoying...

Reply Score: 2

RE[2]: Another day of shame
by rm6990 on Wed 13th Jul 2005 00:07 UTC
rm6990
Member since:
2005-07-04

for Linux/OSS zealots. This thread show the double standards. If it is an IE bug, they will whine at Mircosoft as much as they can. If its OSS software bug, yeah no big deal.

One guy says, the more bugs they found, more secure it will be another says they fix it fast and another will say its no big deal to download on slow dialup. Excuses excuses and then they wonder why market share doesn't increase. LOL

Honestly, the hype of firefox seems to have died since the truth has come out. At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). I feel so much better using Windows now. YaY all the OSS zealots can go and eat $#%^


I still don't get how a bunch of people on OSNews having double standards affects the market share for people who will never visit OSNews??? Do you think you can wrap your feeble little mind around the fact that maybe, just maybe, the people at OSNews aren't a very good representation of the entire OSS community??? Most newbies go to a place like linuxquestions.org or the irc channel for their distro of choice. Go join any real mailing list for a project, they are very responsive and serious about these issues and no, they don't sit and complain about Microsoft all day. Despite being computer geeks, they do have a life, unlike most of the people here, and do something useful with their time. I wouldn't be suprised if more than three quarters of the people that make stupid comments like the ones you are referring to (or yours to boot) are 13 years old and just do it because they have nothing better to do.

And incase you aren't actually 13, you should re-read your comment, because it reads like it is written by a 13 year old.

(And to the handful (literally) of intelligent people that comment on these forums, I apologize, and I wasn't talking about you).

Reply Score: 4

re
by Anonymous on Wed 13th Jul 2005 00:08 UTC
Anonymous
Member since:
---

i prefer a clean reinstall instead of patching.....

and I am on a dialup connection... well almost... cellphone.... takes about 15-20min to download but i can live with that....

"This should make people who bash for a single IE problem a bit upset "
if it was a single problem in IE but it isnt, it is numerous flaws and exploits int he browser and the OS... but since they are wrapped up together one affects the other...

Reply Score: 0

RE: re
by TBPrince on Wed 13th Jul 2005 00:20 UTC in reply to "re"
TBPrince Member since:
2005-07-06

if it was a single problem in IE but it isnt, it is numerous flaws and exploits int he browser and the OS... but since they are wrapped up together one affects the other...

That's true. But all in all, MS is another victim of surprisingly fast Internet development. A few of their technologies, which were even good ones, proved to be ineffective and unable to cope with such a large exponential growth or hard to maintain.

On the other hand, putting a browser at base of your system made helped to make HTML and Internet so popular.

I think MS got perfectly aware that they had a maintenance problem for their technologies at least 2-3 years ago. They're improving (whether it's enough, it's of course questionable).

However, auto-patching seemed to help, given that many computers now have access to the Internet. The dark side of auto-patching (as someone noticed) is having your software to stop working all of sudden for unknown reasons. This could be ok for home users, but it's dramatic for business users...

Reply Score: 1

Anonymous
Member since:
---

Is when it breaks extensions. Granted, this hasn't happened to me since 1.02, but I dread updating the program. Just a couple of months ago, just updating a couple of extensions completely broke the personal toolbar. I have considered for awhle switching to Opera full-time. As soon as they get some kind of integrated adblock functionality (piss on the damn ini files), I'll prolly be there.

Reply Score: 0

RE: As you become popular...
by Anonymous on Wed 13th Jul 2005 01:48 UTC
Anonymous
Member since:
---

"That makes 9 critical bugs (which, if I'm right, represents bug who can lead to unrestricted system access) in timeframe from 1.0.1 to 1.0.5... isn't that a few months? How many? 2-3-4 months?

This should make people who bash for a single IE problem a bit upset and mostly should teach them that the more a product get popular, the more it will need to care about security."

How about doing a little more research before you post. You imply that Firefox is a security nightmare when, in fact, it still has far less vulnerabilities than IE. And the problem with IE is not a "single problem" as you put it but several of them. Compare the security history of IE (http://secunia.com/product/11/) and Firefox (http://secunia.com/product/4227/). Firefox still comes out ahead.

Firefox is not perfect and the update feature that should be available in 1.1 will make patching much easier and less of a pain. It hasn't been the best year for firefox but its still WAY more secure than any other free browser out there.

Reply Score: 0

RE: As you become popular...
by Anonymous on Wed 13th Jul 2005 03:32 UTC
Anonymous
Member since:
---

Awww you are trying so hard to defend firefox. Remember IE is there for a long time, you should compare vulnerabilities over a time period. Also IE is used by more than 70-80% people so it is attacked way more.

Reply Score: 0

RE: RE: As you become popular...
by Anonymous on Wed 13th Jul 2005 03:46 UTC in reply to " RE: As you become popular..."
Anonymous Member since:
---

awww and you are trying so hard to attack firefox so i think it only right that someone defend it... I tell you what, if you dont attack it I will guarantee that no one will be defending it....

Reply Score: 0

v Bad bad bad...
by Anonymous on Wed 13th Jul 2005 03:38 UTC
RE: Bad bad bad...
by Anonymous on Wed 13th Jul 2005 03:52 UTC in reply to "Bad bad bad... "
Anonymous Member since:
---

well IE should be faster considering explorer is already loaded it just has to throw a different window areound it...

firefox takes about 2 second maybe 3 on my machine...

Reply Score: 0

IE part of OS or not
by Anonymous on Wed 13th Jul 2005 03:42 UTC
Anonymous
Member since:
---

What do you mean by part of OS? It is only used by the shell. Shell is necessary for an OS to work. Lets say on Linux, my shell is KDE, then Konqueror == IE.

Whats wrong with IE being a part of shell? Please enlighten?

Reply Score: 0

RE: Bad bad bad...
by Anonymous on Wed 13th Jul 2005 03:44 UTC
Anonymous
Member since:
---

"Here is my story:
I rebooted windows, i clicked on IE, it started in 1-2 seconds. I clicked on Firefox, it took 7-10 seconds."

As explained before, IE is tight to Windows (it's used to render stuff when you click on My Computer, etc) so it gets loaded with Windows.
That's why it starts "faster". Before posting like that, I would recommend you to learn more about how Windows works.

Reply Score: 0

RE: IE part of OS or not
by Anonymous on Wed 13th Jul 2005 03:48 UTC
Anonymous
Member since:
---

"What do you mean by part of OS? It is only used by the shell. Shell is necessary for an OS to work. Lets say on Linux, my shell is KDE, then Konqueror == IE.
Whats wrong with IE being a part of shell? Please enlighten?"

The shell in windows implies the taskbar, start menu. The shell in Linux is just a program that gives you a command line. KDE is a Desktop for Linux (it gives you a window manager and utilities to enance your desktop) and runs on top of X. A few things are based on KHTML the Konqueror rendering engine, so if it has a bug, there shouldn't be a problem.
In Windows the Internet Explorer rendering engine is used to display tons of things, so if there's a bug on it or it crash.. then, your whole desktop crash. In Linux you just have to kill a app if that happens.

Reply Score: 0

RE[2]: IE part of OS or not
by Anonymous on Wed 13th Jul 2005 06:45 UTC in reply to "RE: IE part of OS or not"
Anonymous Member since:
---

so if there's a bug on it or it crash.. then, your whole desktop crash.

Who told you that? IE can crash as much as it wants, my desktop doesn't. The rendering engine is in mshtml.dll and it is used by different processes.

So now please come up with better reason, why having IE on system (or as a part of the shell) is a bad thing?

Instead it makes some display task really rich. .chm files for example. There is no uniform help standard in Linux. None is able to display rich help like .chm files with full index etc.

Reply Score: 0

even more
by Anonymous on Wed 13th Jul 2005 04:02 UTC
Anonymous
Member since:
---

not only is IE meshed with the filemanager it is so much more from web content in folders to active desktop to...everything, it is woven in and out of the OS

yes, you can rip it out but it certainly isnt made to be that way and I am actually not sure you can still rip it out anymore...

Reply Score: 0

Two Questions
by Anonymous on Wed 13th Jul 2005 04:11 UTC
Anonymous
Member since:
---

Two Questions:

1) When the hell will it NOT wreck my extensions, even though they still work if I reinstall them?

and

2)When can I set Firefox AS MY SHELL!?! Let's rip windows, right out of Windows. Wouldn't that be sweet?

I'm SURE I read way back ages ago that Netscape was planning to do the shell game, but I guess they gave up on that idea...

Reply Score: 0

RE: Two Questions
by Anonymous on Wed 13th Jul 2005 04:16 UTC in reply to "Two Questions"
Anonymous Member since:
---

rip windows out of windows....
well maybe not that completely but you can run blackbox for windows and not have explorer or any of that running....

looks really leet as well! got skills!

Reply Score: 0

No more spyware in IE ?
by Anonymous on Wed 13th Jul 2005 04:25 UTC
Anonymous
Member since:
---

FF and Opera may have an advantage right now, but don't rule out IE on the security front just yet. You can bet that if MS goes ahead and buys Claria, the first thing they'll do is finally lock IE down good and tight. There's no way they'll let anybody else's spyware run on your machine...

Reply Score: 0

v RE: No more spyware in IE ?
by Anonymous on Wed 13th Jul 2005 04:27 UTC in reply to "No more spyware in IE ?"
RE:No more spyware in IE ?
by Anonymous on Wed 13th Jul 2005 04:45 UTC
Anonymous
Member since:
---

That's a little dumb. Or very stupid. Hmm...

Anyways, the point. I'll get to the point. Mmmmmm, point, *drools*.

Claria / Gator specifically ask users to install them from websites. I know, I've seen the ActiveX dialog boxes, and I've seen people click yes (ugh). Microsoft already can deal with this, people just have to stop clicking Yes dangit.

It's the other spyware that is more problematic. You know, the ones that don't pop a thing up. I've been infected with this variety myself, which is was drove me to Firefox (and then the tabs, popup blocking, and extensions held me to it).

The only way Claria typically goes in with not user approval at all is when it's bundled with other spyware. This wouldn't solve that issue.

Reply Score: 0

thank you
by Anonymous on Wed 13th Jul 2005 06:29 UTC
Anonymous
Member since:
---

Thank you works great.

Reply Score: 0

Shell in Windows
by Anonymous on Wed 13th Jul 2005 06:50 UTC
Anonymous
Member since:
---

For all the *ignorant* people, the default shell in windows is Explorer, which displays, taskbar etc. You can chose a different processes to be the shell like cmd.exe and all you will see windows start is cmd.exe
You can create a completely new desktop and windows will load that. How exactly is Linux any better?

Reply Score: 1

v how many times must we upgrade?
by Anonymous on Wed 13th Jul 2005 07:16 UTC
agildehaus Member since:
2005-06-29

I am sorry you don't understand the simple concept that programmers are not flawless and thus their programs are not flawless. The difference here, what we have missed under an IE dominated market, is that this little browser regularly receives updates and people actually care that it continues to receive features.

If you don't want to upgrade, don't. It took me a whole 5 minutes. Granted they could have a better update system, but that will have to wait for 1.1 (it's coming).

Reply Score: 2

sappyvcv Member since:
2005-07-06

I wouldn't call 2 months between 1.0.4 and 1.0.5 with 10 vulnerabilities (2 critical) very timely.

When there is a critical vulnerability, you fix it and get a new version out in under a week if you want it to be called "timely". You think that's hard? Nope. All they do is use the 1.0.4 codebase and fix only those security issues as not to introduce new bugs (though its still possible). It could be done in a day or two.

Reply Score: 1

remenic
Member since:
2005-07-06

Man, it would be so nice if they would finally fix the instability issues with Firefox. Any plugin can bring it down easily, and mplayerplug-in does it all too often.

It's sad that a plugin can bring down the entire application. Why doesn't it run in a sandbox of some sort?

Reply Score: 1

Firefox to Opera to Firefox - In one day
by ankitmalik on Wed 13th Jul 2005 10:23 UTC
ankitmalik
Member since:
2005-07-06

From my blog

Morning

he last time I had tried out Opera was on Linux. The font styles and sizes were absurd. I had to strain my eyes to surf the web using Opera. And so, I hastily moved back to Firefox.

But now that I am on Windows [remember, I messed up my Linux installation with a curious rm -rf * ;) ] ; Firefox bugs me. It starts up after, say, 20 seconds and most of the time, it refuses to start at all. In that case, I have to fire up the Task Manager and forcefully terminate the firefox.exe process and then try to run Firefox again.

I am all for open source apps, but Opera

a) loads considerably faster than Firefox [FF]!
b) is snappier than FF
c) is freeware
d) smooth scrolling really means smooth scrolling
e) installs Skins without asking you to restart it to use!!

The thing with closed source apps is they try to lock your data and then force you to upgrade. But the good thing about web browsers is you really aren’t storing any data in the web browser. Bookmarks are the only thing that may worry anyone like me, but then I use Furl, so no problem for me in this department.

The downnside is
a) It has ads but I guess I can live with that.
b) It doesn’t support extensions like Adblock and installing the Opera Adblock thingie is a real pain.
c) It is an eyesore on Linux.
d) The WYSIWYG Editor for Wordpress doesn’t work here

But for me, the snappiness far outweighs the disadvantages. As long as I can work faster, I don’t mind the ads… And yes, I will be back to FF I guess, if it goes back to its lightweight origins.

Now what I need to get used to is that Ctrl+T doesn’t mean New Tab.Or wait, can I set it up? Will check it out… And wait, I still have to try the Voice command system or whatever that is called…

Evening

This morning I blogged about Firefox’s loading time being a real pain… And by the evening I have this problem solved thanks to a comment posted for that post.

The trick is to

a) Export all your bookmarks

b) Delete your profile in C:/Documents and Settings/$User/Application Data/Profiles/

c) Start Mozilla Firefox and it will ask you to make a new profile

d) Make a new profile and shut down Firefox.

Now start Mozilla Firefox and it should load 10 times faster than the normal start up time!!! For instance I have Mozilla Firefox 1.0.5 [ it is not officially released yet] and I have managed to reduce start up times from 20 seconds to an unbelievable 2 seconds!!!

Reply Score: 2

Anonymous Member since:
---

The trick is to
a) Export all your bookmarks
b) Delete your profile in C:/Documents and Settings/$User/Application Data/Profiles/
c) Start Mozilla Firefox and it will ask you to make a new profile
d) Make a new profile and shut down Firefox.


That works, but once I add in the 12 extensions I consider essential, it goes back to the slow start up.

Reply Score: 0

Anonymous
Member since:
---

I wonder why they don't address fixing other issues with FireFox ?

a) Searching don't work here, I get the search bar at the bottom, enter something to search and nothing happens.

b) When loading a page often the 'Stop' loading document button is grayed out (ghosted) and you can't stop the process of loading the page, specially when there are big images that require lot of time loading. You need to press the 'Reload' button and until then then 'Stop' button shows up (unghosted) and you can stop the page

c) No possibility to compile or use freetype 2.1.9 or even 2.1.10 without having to apply an unverified patch that floats around on many gentoo pages. Unfortunately that patch don't take DPI into account and thus the fonts don't look properly specially the dimensions are inaccurate.

These are few issues that are floating through my head as I type, there are a few other really annoying issues as well. I wonder why they keep fixing security related issues and not fixing other visible or annoying issues as well. I know they work on FireFox 1.1 already but this don't justify that other issues shouldn't be fixed either in the meanwhile.

Reply Score: 0

Re: Shell in Windows
by Anonymous on Wed 13th Jul 2005 12:04 UTC
Anonymous
Member since:
---

For all the *ignorant* people, the default shell in windows is Explorer, which displays, taskbar etc. You can chose a different processes to be the shell like cmd.exe and all you will see windows start is cmd.exe
You can create a completely new desktop and windows will load that. How exactly is Linux any better?


X -- and we are talking X not Linux when we are talking desktop environments and window managers -- seperates the app from the display. As such, if you want to have your File... menus running along the top of the screen like in MacOS/OSX, you can. With Windows, things just aren't designed to be seperated...so apps tend to make odd decisions based on the default setup. If you want to boot without X, you can. If you want to replace or entirely remove X, you can too...and some PDAs and embedded systems do.

You can approximate what X + window managers and virtual terminals provide in Windows, but it's really not the same. In short, Windows isn't as flexable as X.

Reply Score: 0

RE[2]: Bad bad bad...
by abdavidson on Wed 13th Jul 2005 12:47 UTC
abdavidson
Member since:
2005-07-06

This post being scored so low is a good example of the problems of this vote system.

More people use Firefox than Opera so a plain simple FACTUAL comment based on Opera gets voted down by the large amount of Firefox users.

Reply Score: 1

RE[3]: Bad bad bad...
by karl1 on Wed 13th Jul 2005 13:33 UTC in reply to "RE[2]: Bad bad bad..."
karl1 Member since:
2005-06-29

I wouldn't necessarily call that a problem with the vote system. You can set your threshold lower and still see the comments; however, the reason the comment in question was scored low (no, I haven't seen it yet), would have been because of the types of people, not the vote system. A system is only as good as its users, and if people desire to vote down valid posts, then it is not the system's fault, but the fault of the people.

Reply Score: 1

RE: RE: As you become popular...
by Anonymous on Wed 13th Jul 2005 13:05 UTC
Anonymous
Member since:
---

"Awww you are trying so hard to defend firefox. Remember IE is there for a long time, you should compare vulnerabilities over a time period. Also IE is used by more than 70-80% people so it is attacked way more."

I wouldn't call that trying hard I would call that minimal effort. If you actually read the secunia links that were provided you would see that they have statistics over a period of time for both firefox and IE6 and that firefox still comes out ahead.

Reply Score: 0

Unfair posting by google
by TusharG on Thu 14th Jul 2005 06:56 UTC
TusharG
Member since:
2005-07-06

:) its bit funny to see. I'm using Linux for past 5 years and I do promote open source inspite of that I didnot like the headline that google news is flashing "Firefox Gets a New Coat" well its not a coat! these are bug fixes while if it would have been a IE bug fixes then news would have been "IE fixes critical vernabilities!" Well it sounds like google is coming with its browser which is based on firefox and naturally they want to represnt it nicely.
and finally i want to say, lets not be biased and be fair when one posts news! bugs are bugs! and irrespectively they should be fixed!

Reply Score: 1